Comply with Mandatory E-Invoicing with Confidence

by Aalbert de Niet and Olivia Vorstheim, SAP

Business process automation can save organizations significant amounts of time and money by simplifying operations and reducing errors. This is particularly true when it comes to automating your invoicing processes and replacing paper-based invoicing with electronic invoicing — known as e-invoicing — where structured billing data is sent in a format that can be automatically read and processed by the receiver of the invoice.¹

The use of structured electronic documents on the procurement side of the invoicing process allows for fast and reliable processing, which leads to considerable savings by reducing the need to manually perform tasks and manage complaints. This approach benefits both sides of the invoicing process — by minimizing the processing time required for incoming invoices, buyers can benefit from early payment discounts, and the issuer benefits from reduced manual processing and paper costs as well as early payments and satisfied customers.

In the past, investing in e-invoicing was usually a business decision based on a return-on-investment (ROI) calculation. In recent years, however, several countries have begun mandating the use of electronic invoices by law. Regardless of the reason behind this enforcement — whether it’s to combat fraud or to save costs on tax administration — the impact on companies is the same: they need to comply with national e-invoicing regulations in the countries in which they are doing business. At first glance, compliance with these standards can seem like a burden, especially for global organizations with a presence in multiple affected countries.

This article introduces SAP Document Compliance, a solution that is designed to help SAP customers navigate these requirements successfully, avoid penalties, get invoices paid, and gain deeper insights into the business. It explains the drivers behind e-invoicing requirements and how they will affect your business — including the opportunity they present for widespread optimization. It then shows you how SAP Document Compliance enables you to comply with e-invoicing regulations in various countries efficiently, confidently, and securely, and gain better control over the life cycle of invoices by embedding them in an automated process.

Why Require E-Invoicing, and What Does It Mean for Business?

Mandatory e-invoicing is changing statutory reporting requirements for taxpayers from the manual submission of aggregated information at specific time intervals to the online submission of transactional information in real time.

Various countries began enforcing the use of e-invoicing starting in 2007, including Argentina (2007), Brazil (2008), and Mexico (2010), followed by Chile (2014), Peru (2014), Colombia (2018), and nearly every other country in Latin America. Most of these countries require companies to register business documents, such as invoices and delivery notes, electronically with local tax authorities before issuing them. The details of the requirements vary from country to country, with some requiring the registration of additional documents, such as tax certificates and payment receipts.

In some cases, the electronic invoice is used only for registration or reporting purposes, while in other cases it completely replaces the paper invoice as the legal document and single source of truth. Many countries in other regions — such as Turkey, Hungary, and Spain — that have adopted similar mandatory e-invoicing regulations have also found them to be effective in combatting fraud and increasing tax revenue that was previously lost in the black economy.

Another area in which e-invoicing is increasingly enforced is with suppliers of public administration organizations, such as federal ministries, city and state government offices, hospitals, and public schools and universities. In Europe, this is largely driven by EU Directive 2014/55/EU, which mandates that public administration entities receive and process invoices electronically. As in the private sector, the digitization of the procurement process can bring considerable economic benefits to the receiving organization, although these benefits also depend on the other party — the sender of the invoice — adjusting to a new billing process.

At times, these two regulatory trends converge and enable increased efficiency. For example, in 2014, the Italian government began requiring suppliers to submit invoices to public administration organizations via a central electronic platform to fulfill EU Directive 2014/55/EU and support automated processing. As of January 2019, the requirement to use this central platform extends to all invoices, meaning that in addition to the e-invoicing requirements for suppliers of public administration entities, all companies doing business in Italy must register invoices electronically with the local tax authority, essentially replacing the periodic reporting of sales and purchasing transactions that was previously in place.

In addition to ensuring compliance and reducing fraud, the national standards and central exchange platforms required to support mandatory e-invoicing offer a business process optimization opportunity for all organizations — not just those that fall under a particular regulation. By proactively adopting government standards, private businesses can reduce the need for format translation and streamline the exchange of electronic documents within a country. This has been the case in some Nordic countries, for example, where the implementation of the Pan European Public Procurement Online (PEPPOL) specification, which is an EU standard for public procurement, has extended beyond business-to-government use and is also being adopted by private companies.

Implementing national standards that are enforced for statutory reporting purposes requires a deep understanding and an accurate interpretation of the legal requirements linked to the exchange of electronic documents in each country. This can be particularly challenging for global companies and conventional electronic data interchange (EDI) providers. SAP helps its customers successfully navigate this task with the cloud-based SAP Document Compliance services.

Tackling E-Invoicing Regulations with SAP Document Compliance

When e-invoicing regulations were first introduced, companies relied on local service providers to fulfill them via add-on solutions and provider-managed services. SAP also provided its customers with e-invoicing solutions for a few countries, as mandatory e-invoicing was initially considered a country-specific requirement relevant only in exceptional cases. These SAP solutions were mostly driven by local SAP subsidiaries, focused on local requirements, and based on different approaches, such as the solution for addressing Brazil’s Nota Fiscal eletrônica (NF-e) regulations, which was based on SAP governance, risk, and compliance (GRC) solutions, and the solution for meeting Mexico’s Comprobante Fiscal Digital por Internet (CFDI) requirements, which was based on SAP Process Integration.

As the number of required country-specific e-invoicing solutions increased over time, along with the complexity involved in supporting different requirements, SAP decided to create a common global solution that could be easily extended to support new countries and processes. Initially introduced in 2014 as the eDocument solution, SAP Document Compliance serves as SAP’s global platform for meeting country-specific digital compliance² requirements identified by SAP Globalization Services.³

Using a common platform to support the exchange of electronic documents with various countries has four key advantages:

• • A reusable platform enables rapid response: The ability to reuse the same platform for country-specific variations is particularly important. The time frame between the publication of detailed requirements and the legal deadline to comply is often very short, and the number of regulations continues to increase each year. By reusing a common platform, SAP can respond rapidly to new and changing requirements — for instance, between January and December 2018, SAP was able to quickly deliver country-specific packages for Italy, Germany, Belgium, the Netherlands, Hungary, Mexico, Colombia, and Spain.

• • A common user interface simplifies the user experience: A single user interface for multiple countries and business processes helps users easily adopt and manage new processes. Seamless integration with the SAP back end allows full automation of the submission and reception process without the need for manual intervention.

• • Generic functionality streamlines implementation and support: Most of the functionality in the solution is built generically and is available to all country scenarios, which reduces the effort required for the implementation and support of new countries. Once the solution has been implemented for the first country, further implementation projects require only the addition of the country-specific packages.

• • Shared use of new features increases coverage: Whenever a new capability is required for a new country, it is made available for multiple scenarios, making the functional coverage of the solution more comprehensive.

Let’s take a closer look at how SAP Document Compliance works.

How SAP Document Compliance Works

SAP Document Compliance is based on a generic eDocument framework, which resides in SAP NetWeaver-based systems (version 7.02 and above) to manage electronic documents, such as electronic invoices, created from source data in back-end SAP solutions, such as SAP ERP and SAP S/4HANA. By extending this generic framework with country-specific variations, SAP Document Compliance supports country-specific formatting and the exchange of electronic documents in a standardized way.

SAP Document Compliance is available in two deployment models: primarily managed on premise and primarily managed in the cloud.

• • Primarily managed on premise: This model requires two components: an on-premise component (SAP Document Compliance, on-premise edition) and a customer-managed cloud platform service (SAP Cloud Platform Integration). In this model, the SAP customer deploys and manages the integration content in the cloud and sets up the connections between the back-end system and SAP Cloud Platform and between SAP Cloud Platform and the tax authorities. This is the model that is used for most of the initially supported countries (such as Italy, Spain, and Colombia).

• • Primarily managed in the cloud: This model requires a single component: a cloud service managed by SAP. The SAP customer sets up only the connectivity between the back-end system and the cloud service, while the service takes care of the connection to the different receivers, simplifying the setup and operation of the solution. Usage rights for the relevant parts of SAP Document Compliance, on-premise edition — which is required to extract data and allow monitoring directly from the back-end system — are included with the service. This is the model used for the newly released SAP Document Compliance, invoicing option for PEPPOL, which is a software-as-a-service (SaaS) offering that currently applies to Belgium, Germany, and the Netherlands.

This article focuses on the deployment model that is primarily managed on premise and is based on SAP Document Compliance, on-premise edition, and SAP Cloud Platform Integration — this model covers the widest range of countries and is the most commonly used by SAP customers. Figure 1 provides an overview of the architecture of this model.

As you can see, the country-specific capabilities are built on top of two key SAP components:

• • SAP Application Interface Framework⁴ is a solution for interface management.⁵ It resides within the architecture of SAP NetWeaver-based systems and enables SAP Document Compliance to interface between source applications — such as SAP S/4HANA and SAP ERP — and SAP Cloud Platform Integration for the creation and country-specific formatting of e-invoicing documents.

• • SAP Cloud Platform Integration is a secure and reliable service running on SAP Cloud Platform that enables integration with external systems via prebuilt end-to-end integration scenarios. For SAP Document Compliance, it enables the communication of the e-invoicing document to the document receiver (the tax authorities or the public administration entity) and the response back to the back-end system. The country-specific integration scenarios are available as eDocument packages from SAP API Business Hub.⁶

SAP Document Compliance supports country-specific requirements for the end-to-end exchange of electronic documents — usually in XML format — that use data from multiple applications. The process starts with SAP Document Compliance extracting data (such as invoice data) from the relevant back-end systems, which are linked to a specific step of a business process (usually the posting of the invoice). SAP Document Compliance documents are created along with source documents for the relevant application components (in the example, the sales and distribution billing, financials, and real estate application components). SAP Document Compliance then extracts the data from these components within the back-end system and submits it for country-specific formatting (in the example, for Spain).

The submission of the electronic document triggers the generation of the country-specific electronic file. The formatting of the file is based on criteria such as document type, provider/buyer country, tax information, and other types of master data, which is defined by the configuration of the country-specific variation of the solution. In the example, the file is formatted according to the Facturae national standard required for Spain whenever the recipient is identified via master data as a Spanish government entity.

Further steps related to security, authenticity, and validation are performed as part of an integration flow within SAP Cloud Platform Integration before a message is sent to the receiver (in the example, the receiver is the FACe e-invoicing platform used by Spain’s General State Administration). A corresponding response is received by SAP Cloud Platform Integration and passed back to the back-end system (SAP ERP in the example). In many cases, the response includes information that must be stored in subsequent documents, such as a universally unique identifier (UUID), which is required for electronic invoices in Mexico, or requires a user action, such as a correction required for a rejected invoice.

Now that you have a sense of how SAP Document Compliance works, let’s take a look at an example that shows e-invoicing in action.

E-Invoicing in Action: An Example

In this example, we’ll walk through using SAP Document Compliance to meet e-invoicing requirements for Colombia. This scenario uses SAP Document Compliance, on-premise edition, and SAP Cloud Platform Integration to pull data from an on-premise back-end SAP S/4HANA system.⁷

Figure 2 shows the user interface for the SAP Document Compliance administration cockpit, known as the eDocument Cockpit (transaction EDOC_COCKPIT), which is provided as part of the eDocument framework. This administration cockpit is mainly used during implementation and testing to configure the e-invoicing process and triggers step by step. Once SAP Document Compliance is up and running, the cockpit is generally used to handle only exceptions — such as connectivity issues and missing configuration data or master data — since the individual steps can be fully automated. With this automation, users can continue working as usual (that is, creating invoices through the usual invoicing transactions) and the submission of the electronic file is triggered automatically in the background.

The left pane of the main cockpit screen shows the different countries and processes that are supported, and the number of associated documents or table entries. The viewable entries depend on the user’s authorization profile and on the implemented country-specific variations. The right pane shows the list of relevant documents created or submitted for the selected process. This list can be restricted by multiple criteria, such as creation date, user, organizational data, status, and the number of days to display. From this screen, you can navigate back to the source document (by double-clicking on the ID listed under the eDocument Source Key column); you can access the interface log (by selecting a line, clicking on the Goto button, and choosing the Interface Log option); or you can display the XML file that was created (by selecting a line and clicking on the Display button). The available actions depend on the country-specific regulations — in some cases, it is possible to cancel or delete documents, or switch to a “contingency” (manual process) mode if the e-invoicing platform used by the relevant tax authority is down. In the example, we select “Colombia eInvoice” in the left pane, which displays the documents created and processed within the last 30 days in the right pane.

To manually trigger the generation of the electronic invoice with country-specific formatting — for testing or demonstration purposes, for example — click on the Submit button. For this example, the invoice will be formatted for the Colombian tax administration, known as DIAN (Dirección de Impuestos y Aduanas Nacionales), and will include a UUID known as CUFE (Código Único de Facturación Electrónica) that is required for electronic invoices in Colombia. Figure 3 shows the XML source for an electronic invoice formatted to meet Colombian requirements, including the file structure and content of the different fields. Figure 4 shows the resulting formatted electronic invoice based on the XML source.

Figure 5 shows an architectural overview of what happens behind the scenes when using the Colombia-specific variation of SAP Document Compliance to send an electronic invoice to the Colombian tax authority. During the sales process, after a purchase order is created, the billing document or invoice is created and posted to accounting — in this case, in SAP S/4HANA. At this moment, SAP Document Compliance intercepts the accounting document and creates an electronic document that can be directly submitted for automatic formatting based on the country-specific settings of the solution.

After it is submitted, the electronic document is handled by SAP Application Interface Framework, which triggers an XML creation process for formatting the document correctly. The web services runtime within SAP Application Interface Framework then performs authentication. It secures the transport using Internet Communication Manager and sends the XML document to SAP Cloud Platform Integration, where it is converted into an electronic invoice, signed, and assigned any additional required information (in this case, the CUFE UUID required for electronic invoices in Colombia). Using the country-specific integration details provided by the predefined content library, which is included with the integration package for the relevant country, the invoice is then forwarded to the relevant tax authority (the Colombian tax authority DIAN, in this case). The response from DIAN together with the signed XML is returned to SAP Document Compliance in SAP S/4HANA, where it is stored. At this point, the document is sent automatically to the customer or business partner.

With security a primary business concern — in particular, when it comes to cloud-based integration — let’s take a closer look at the configurations that are required for ensuring secure integration among the various systems that connect with SAP Document Compliance.

Enabling Secure Integration with SAP Document Compliance

Security in the cloud encompasses a variety of procedures, standards, and technologies for protecting data, applications, and associated infrastructures. SAP Cloud Platform and its services, such as SAP Cloud Platform Integration, provide a highly secure cloud-based platform for running, building, extending, and integrating applications.⁸ To support the SAP Document Compliance solution, you must perform a variety of configurations to ensure secure integration with back-end systems and external tax authorities, including transport-level security, authentication, and integrity controls.⁹

Transport-Level Security from the Back-End System

Connecting to the data center for SAP Cloud Platform requires a secure transport from the back-end system. For this transport, the sender (the back-end system) uses an anonymous Secure Sockets Layer (SSL) client personal security environment (PSE) — or another method, such as user ID and password, although SSL is the recommended approach — to enable secure access between the back-end system and SAP Cloud Platform Integration.

Authentication Between the Back-End System and SAP Cloud Platform

There are two options for authentication from the back-end system (SAP S/4HANA or SAP ERP) to SAP Cloud Platform:

• • Basic authentication: With this option, an authentication schema with a high service level agreement (SLA) must first be configured in SAP Cloud Platform Integration for a process services use case as a prerequisite. Then the user ID and password can be configured.

• X.509 certificate: With this option, in the standard SSL client PSE, a certificate signing request (CSR) must be generated and signed by a mutually trusted certificate authority (CA) — that is, between the SAP customer and SAP. The signed certificate is then imported into the SSL client PSE as well as the complete trust chain. Figure 6 shows an example X.509 client certificate authentication configuration in SOA Manager in SAP ERP.

Authorization Configuration in SAP Cloud Platform Integration

Authorizations must be configured in SAP Cloud Platform Integration for the preconfigured process integration flows (iFlows), which enable the end-to-end integration scenarios. iFlows accept both user ID and password or X.509 end-user certificate subject validation. The iFlows can be configured using a user ID and password for basic authentication scenarios, or by creating a certificate-to-user mapping in SAP Cloud Platform Integration for a process services use case. In the latter case, the end-user certificate subject must be mapped to the user that will execute the iFlow.

Country-Specific Configurations for Integrating with the Receiver

The country-specific requirements will determine the configurations required for invoice signing, transport, and authentication to the receiving tax authority or public administration entity:

• Invoice signing and information generation: The invoice must be electronically signed as part of the iFlow, and any additional required information must be generated, such as the CUFE UUID required by the Colombian tax authority, DIAN. This identifier (colombiasignaturekey in Figure 7) is a key pair provided by a DIAN e-invoicing-compliant certificate authority that must be acquired and installed in the SAP Cloud Platform Integration tenant.

• • Transport-level security for communication with the receiver: Transport-level security is required for sending the invoice from SAP Cloud Platform Integration to the receiving tax authority, such as DIAN in Colombia. With DIAN, for instance, HTTPS is used.

• Authentication to the receiver: The authentication configuration is based on authentication provided directly by the tax authority. For example, with DIAN, a user ID and password are required (see Figure 8).

Summary

National standards for e-invoicing enforced by law are useful not only for providing transparency and enabling savings for governments, but also for driving the adoption of e-invoicing by private businesses, helping companies optimize their billing and invoice management processes. With SAP Document Compliance, electronic exchange becomes an enabler for savings, efficiency, and flexibility. Businesses can fulfill different local e-invoicing regulations while moving a step forward in their digital transformations. And going forward, organizations will have the opportunity to benefit from even more flexibility with cloud-based SaaS deployments of SAP Document Compliance, beginning with the recently released SAP Document Compliance, invoicing option for PEPPOL, and with more to come in the future.

Learn more about SAP Document Compliance at https://help.sap.com/viewer/p/SAP_E_DOCUMENT and at https://bit.ly/eDocumentsYouTube.

^{1 Note that in the context of this article, electronic invoices do not include images, PDFs, and other types of non-structured data. While these types of data might also be transferred electronically, they are not suitable for process automation — if the data is not structured, the individual data elements cannot be checked for errors, retrieved, and processed without additional handling. [back]}

^{2 In this context, digital compliance covers the regulations for using structured electronic documents for the online exchange of information between companies and tax authorities or business partners. [back]}

^{3 SAP Globalization Services is a team within SAP tasked with ensuring that SAP products comply with local regulations in different countries. Learn more at https://support.sap.com/en/product/globalization.html. [back]}

^{4 SAP Application Interface Framework can be downloaded from SAP Support Portal (https://support.sap.com/swdc) for SAP ERP installations. [back]}

^{5 Learn more about SAP Application Interface Framework in the article “Simplified Interface Handling in a Digital Business Landscape” in the October-December 2017 issue of SAPinsider (SAPinsiderOnline.com). [back]}

^{6 SAP API Business Hub (https://api.sap.com/) is an online catalog of application programming interfaces (APIs) developed by SAP and its partners that SAP customers can use to build applications and integrations. [back]}

^{7 You can find more information on both the Colombia scenario (https://youtu.be/Q-A7xv550yc) and eDocument Cockpit (https://youtu.be/45poZepE6U4) at SAP’s YouTube channel. [back]}

^{8 For more on SAP Cloud Platform security, see the SAPinsider articles “Securing the Cloud with SAP Cloud Platform” (October-December 2017) and “Built-In Protection with SAP Cloud Platform” (Issue 1 2018), available at SAPinsiderOnline.com. [back]}

^{9 To learn more about the configuration tasks discussed here in the context of the Colombia example, see the package information available at SAP API Business Hub (https://bit.ly/API-Colombia) and the SAP Cloud Platform Integration implementation guide (https://bit.ly/CPI-Colombia). [back]}

Aalbert de Niet (aalbert.de.niet@sap.com) is Domain Architect for the Digital Compliance Domain within Globalization Development at SAP. The purpose of this group is to help companies across the world comply with regulations mandating the online exchange of information according to country-specific regulations.

Olivia Vorstheim (olivia.vorstheim@sap.com) is Domain Owner for the Digital Compliance Domain within Globalization Product Management at SAP. The purpose of this group is to help companies across the world comply with regulations mandating the online exchange of information according to country-specific regulations.